package com.gateway.config;

import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;

import javax.annotation.Resource;

import static com.example.common.constant.Constant.ResourceServerId.ORDER_SERVICE;

/**
 * 网关资源服务器配置
 * 因为网关本质上是一个资源服务器
 * <p>
 * 用这个类来控制对 order-service 的访问
 *
 * @author 罗俊华
 * @date 2022/3/14 - 3:43 下午
 */
@Slf4j
//@EnableResourceServer
@Configuration
public class OrderResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Resource
    private TokenStore tokenStore;

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {

//        本资源服务器的id
        resources.resourceId(ORDER_SERVICE)
//                调用远程auth service 来验证令牌是否有效的服务
//                .tokenServices(resourceServerTokenServices())

//                调用本地的 tokenStore 对象来验证 用户的token是否有效
                .tokenStore(tokenStore)
                .stateless(true);

    }


    /*@Override
    public void configure(HttpSecurity http) throws Exception {

        http
                .authorizeRequests()
                .antMatchers("/order/**")
                .authenticated()
                // authorization server 中的 第三方 client 所拥有的 scope
                //.access("#oauth2.hasAnyScope('add')")
                .antMatchers("/oauth/**")
                .permitAll()



                .and()

                .sessionManagement()
                *//**
                 * 因为所有的一切都是基于 token 进行认证的，所以就可以把 session 给彻底关闭了
                 * *//*
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);


    }*/
}
